<div dir="ltr">Thanks Justing. Yes, that was the idea :-)</div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/6/18 Justin Richer <span dir="ltr"><<a href="mailto:jricher@mitre.org" target="_blank">jricher@mitre.org</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Forwarding Nat's response out to the wider list, as I believe that
was his intent.<br>
<div><br>
<br>
-------- Original Message --------
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Subject:
</th>
<td>Re: [Openid-specs-ab] Draft note to IETF</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Date: </th>
<td>Tue, 18 Jun 2013 00:04:36 +0900</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">From: </th>
<td>Nat Sakimura <a href="mailto:sakimura@gmail.com" target="_blank"><sakimura@gmail.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">To: </th>
<td>Justin Richer <a href="mailto:jricher@mitre.org" target="_blank"><jricher@mitre.org></a></td>
</tr>
</tbody>
</table><div><div class="h5">
<br>
<br>
<div dir="ltr">... and so is NRI; NRI has implemented OpenID
Connect for several major identity providers in Japan. </div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2013/6/17 Justin Richer <span dir="ltr"><<a href="mailto:jricher@mitre.org" target="_blank">jricher@mitre.org</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> MITRE's
implementation has been live on our public server for
nearly a year now, and a number of other groups have used
the MITREid Connect open source project in their own
deployments. <br>
<span><font color="#888888"> <br>
-- Justin</font></span>
<div>
<div><br>
<br>
<div>On 06/15/2013 02:53 AM, Torsten Lodderstedt
wrote:<br>
</div>
<blockquote type="cite">
<div>Deutsche Telekom's implementation is available
in production since last Wednesday.</div>
<div><br>
</div>
<div>Regards,</div>
<div>Torsten.</div>
<div><br>
Am 13.06.2013 um 18:32 schrieb Brian Campbell <<a href="mailto:bcampbell@pingidentity.com" target="_blank">bcampbell@pingidentity.com</a>>:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div dir="ltr">Also, FWIW, Ping Identity's
initial OpenID Connect product support went
from just "announced" to actually "generally
available" yesterday.<br>
<br>
<a href="https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050" target="_blank">https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050</a><br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Thu, Jun 13, 2013
at 10:26 AM, Nat Sakimura <span dir="ltr"><<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto">
<div>Not Amazon yet. They are waiting
for us. Paypal, yes. <br>
<br>
=nat via iPhone</div>
<div><br>
Jun 14, 2013 1:19�$B!"�(BMike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>>
�$B$N%a%C%;!<%8�(B:<br>
<br>
</div>
<div>
<div>
<blockquote type="cite">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Yes.
Updated below…</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">To:
<a href="mailto:jose-chairs@tools.ietf.org" target="_blank">jose-chairs@tools.ietf.org</a>;
<a href="mailto:oauth-chairs@tools.ietf.org" target="_blank">
oauth-chairs@tools.ietf.org</a></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Cc:
<a href="mailto:iesg@ietf.org" target="_blank">iesg@ietf.org</a>; <a href="mailto:draft-ietf-oauth-json-web-token@tools.ietf.org" target="_blank">
draft-ietf-oauth-json-web-token@tools.ietf.org</a>; <a href="mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org" target="_blank">
draft-ietf-jose-json-web-encryption@tools.ietf.org</a></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Subject:
Liaison statement from
OpenID Foundation to IETF
on JWT and JOSE</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">I’m
writing on behalf of the
OpenID Connect Working
Group, in the OpenID
Foundation. We have been
working for three years on
specifying this
identity-federation
protocol. Our
specifications have
reached stability (what we
call “Implementer’s
Drafts”) and we anticipate
a final vote and approval
in the coming months.
We’re confident approval
will be forthcoming since
OpenID Connect is already
in production at Google
and Amazon, a product has
been announced by Ping
Identity, a JWT product
has shipped from
Microsoft, and we expect
numerous OpenID Connect
and JWT deployments in the
coming months.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Our
work is dependent on the
JSON Web Token (JWT) and
the JSON Object Signing
and Encryption (JOSE)
specifications, products
of the IETF OAuth and JOSE
working groups. JWTs have
been stable for some time,
and code to parse and
validate them is widely
available in libraries for
popular programming
languages. However,
progress towards an RFC in
JOSE seems slow, which is
holding up the JWT RFC in
OAuth, and we do not have
a clear feeling when this
work is likely to
complete. As chartered,
the JOSE documents were to
have gone to working group
last call a year ago and
this still has not
happened.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Unfortunately,
it’s not practical for our
membership to wait
indefinitely, and thus our
most likely course of
action will be to take
dependencies
on draft-ietf-oauth-json-web-token-08
and the -11 versions of
the JOSE specifications or
subsequent versions that
are compatible with them
when the time comes to
publish our final
specifications. It would
obviously be preferable
for the JWT and JOSE RFCs
to be completed in a
timely fashion instead.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">We
bring this to your
attention simply because
if some other organization
were planning to lock in a
dependency on one of our
earlier drafts, we’d like
to hear about it.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">--
Tim Bray for the OpenID
Connect Working Group and
the OpenID Foundation</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Brian Campbell [<a href="mailto:bcampbell@pingidentity.com" target="_blank">mailto:bcampbell@pingidentity.com</a>]
<br>
<b>Sent:</b> Thursday,
June 13, 2013 9:13 AM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> Tim Bray; <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>><br>
<b>Subject:</b> Re:
[Openid-specs-ab] Draft
note to IETF</span></p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">"<span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">were
have gone" -> "were
to have gone" ... ?</span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On
Thu, Jun 13, 2013 at
9:30 AM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>>
wrote:</p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Tim
– a slightly
revised note
follows. The
working group
agreed for you to
circulate it
privately to
insiders for
feedback. We also
need to run this
by the board
before formally
sending it, since
it’s speaking on
behalf of the
foundation. If
you can let us
know what kinds of
informal feedback
you receive, that
would be great.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
-- Mike</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">To:
<a href="mailto:jose-chairs@tools.ietf.org" target="_blank">jose-chairs@tools.ietf.org</a>;
<a href="mailto:oauth-chairs@tools.ietf.org" target="_blank">oauth-chairs@tools.ietf.org</a></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Cc:
<a href="mailto:iesg@ietf.org" target="_blank">iesg@ietf.org</a>; <a href="mailto:draft-ietf-oauth-json-web-token@tools.ietf.org" target="_blank">
draft-ietf-oauth-json-web-token@tools.ietf.org</a>; <a href="mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org" target="_blank">
draft-ietf-jose-json-web-encryption@tools.ietf.org</a></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Subject:
Liaison statement
from OpenID
Foundation to IETF
on JWT and JOSE</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">I’m
writing on behalf
of the OpenID
Connect Working
Group, in the
OpenID Foundation.
We have been
working for three
years on
specifying this
identity-federation
protocol. Our
specifications
have reached
stability (what we
call
“Implementer’s
Drafts”) and we
anticipate a final
vote and approval
in the coming
months. We’re
confident approval
will be
forthcoming since
OpenID Connect is
already in
production at
Google, a product
has been announced
by Ping Identity,
a JWT product has
shipped from
Microsoft, and we
expect numerous
OpenID Connect and
JWT deployments in
the coming months.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Our
work is dependent
on the JSON Web
Token (JWT) and
the JSON Object
Signing and
Encryption (JOSE)
specifications,
products of the
IETF OAuth and
JOSE working
groups. JWTs have
been stable for
some time, and
code to parse and
validate them is
widely available
in libraries for
popular
programming
languages.
However, progress
towards an RFC in
JOSE seems slow,
which is holding
up the JWT RFC in
OAuth, and we do
not have a clear
feeling when this
work is likely to
complete. As
chartered, the
JOSE documents
were have gone to
working group last
call a year ago
and this still has
not happened.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Unfortunately,
it’s not practical
for our membership
to wait
indefinitely, and
thus our most
likely course of
action will be to
take dependencies
on draft-ietf-oauth-json-web-token-08
and the -11
versions of the
JOSE
specifications or
subsequent
versions that are
compatible with
them when the time
comes to publish
our final
specifications.
It would obviously
be preferable for
the JWT and JOSE
RFCs to be
completed in a
timely fashion
instead.</span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">We
bring this to
your attention
simply because
if some other
organization
were planning to
lock in a
dependency on
one of our
earlier drafts,
we’d like to
hear about it.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">--
Tim Bray for the
OpenID Connect
Working Group and
the OpenID
Foundation</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:openid-specs-ab-bounces@lists.openid.net" target="_blank">openid-specs-ab-bounces@lists.openid.net</a>
[mailto:<a href="mailto:openid-specs-ab-bounces@lists.openid.net" target="_blank">openid-specs-ab-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Brian
Campbell<br>
<b>Sent:</b>
Thursday, June 13,
2013 6:30 AM<br>
<b>To:</b> Tim
Bray<br>
<b>Cc:</b> <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>><br>
<b>Subject:</b>
Re:
[Openid-specs-ab]
Draft note to IETF</span></p>
<div>
<div>
<p class="MsoNormal"> </p>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">While somewhat esoteric, it's probably
important in
this context
to be accurate
about the
various
documents and
the WGs that
are
responsible
for them.</p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Though JWT does depend heavily on JOSE
work, it
itself isn't a
JOSE WG item.
Rather it is a
product of the
OAUTH WG<span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">
and, as such,
asking the
JOSE WG to do
anything with
JWT doesn't
make a lot of
sense.</span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">The
broader issue
remains though
and I support
the Connect
group
providing some
encouragement
to the IETF
towards
progressing
the
dependencies.
But we
probably need
to acknowledge
that even
within the
IETF the
document and
WG
relationships
are somewhat
complicated by
dependencies.</span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> </p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On
Wed, Jun 12,
2013 at 3:00
PM, Tim Bray
<<a href="mailto:tbray@textuality.com" target="_blank">tbray@textuality.com</a>>
wrote:</p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">This
should go to
the JOSE WG
chair, the ADs
for that area,
and the IESG</span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">I’m
writing on
behalf of the
OpenID Connect
Working Group,
in the OpenID
Foundation.
We have been
working for
<insert-time-period>
on specifying
this
identity-federation
protocol. Our
specifications
have reached
stability
(what we call
“implementor’s
draft”) and we
anticipate a
final vote and
approval in
the coming
months. We’re
confident
approval will
be forthcoming
since OIDC is
already in
production at
Google,
<insert-other-deployments>
and we expect
deployments at
<insert-other-predictions>.</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Our
work is
dependent on
JWT, a product
of the IETF
“jose” working
group. JWTs
have been
stable for
some time, and
code to parse
and validate
them is widely
available in
libraries for
popular
programming
languages.
However,
progress
towards an RFC
in jose seems
slow, and we
do not have a
feeling when
this work is
likely to
stabilize.</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Unfortunately,
it’s not
practical for
our membership
to wait, and
thus our most
likely course
of action will
be to take a
dependency
on draft-ietf-oauth-json-web-token-08
when the time
comes to
publish our
specification.
</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">We
bring this to
your attention
simply because
if some other
organization
were planning
to lock in a
dependency on
one of our
earlier
drafts, we’d
like to hear
about it. </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">[I’m
going to
unofficially
run this by
some of my
IETF-insider
contacts, but
thought I
should
sanity-check
the content
here first]</span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Openid-specs-ab
mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></p>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Openid-specs-ab mailing
list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></p>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>Openid-specs-ab mailing
list</span><br>
<span><a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a></span><br>
<span><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span><br>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>Openid-specs-ab mailing list</span><br>
<span><a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a></span><br>
<span><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span><br>
</div>
</blockquote>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Openid-specs-ab mailing list
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Nat Sakimura (=nat)
<div>Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en</div>
</div>
<br>
</div></div></div>
<br>
</div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div>
</div>